google-api-php-client: Service Accounts: Unauthorized client or scope in request.

I’ve tried every combination of things to try and gain some progress on this issue but I can’t get anywhere. I’m trying to use a service account to access a calendar of a user on the domain. The service account is setup, appears to be working fine. As far as I can tell the Domain-wide Delegation is enabled according to https://developers.google.com/identity/protocols/OAuth2ServiceAccount?hl=en_US#delegatingauthority. In my code below, Everything works fine until I set the impersonation account and I get the error in the title.

$client = new Google_Client(); $client->setSubject('email@domain.com'); $client->setAuthConfig($_SERVER['DOCUMENT_ROOT'] . '/private.json');

This will cause any type of api request to fail with the error:

Message: { "error": "unauthorized_client", "error_description": "Unauthorized client or scope in request." }

About this issue

  • Original URL
  • State: closed
  • Created 8 years ago
  • Comments: 18 (5 by maintainers)

Most upvoted comments

Doh! If anyone finds this and is wondering the same thing (I can’t upgrade to API 2.0 yet because of dependencies on 1.1 still 😕) turns out the problem was mine. Follow these instructions:

https://developers.google.com/api-client-library/php/auth/service-accounts

My issue here was that my scopes array in PHP had one more scope in it than my service account had access to. Thus, not authorized! I didn’t notice at first because the particular thing I was doing using Google APIs was authorized.

+10
coogle on Nov 14, 2016
Read more comments on GitHub
← google-api-php-client: Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential
google-api-php-client: Sporadic "Invalid Credentials" Issues - Service Account →